7th December 2007, 20:12
DrJohn
Member
 
Join Date: Aug 2007
Location: Portland, OR, USA
Posts: 66
Thanks: 8
Thanked 2 Times in 2 Posts
OpenVPN DHCP, DNS problems

<Gutsy, OpenVPN 2.0.9, Shorewall 3.4.4, Samba 3.0.26 as PDC, dhcpd is running>

Shorewall server policy is configured for open access between loc <--> vpn and $FW <--> vpn (vpn is the separate zone established for OpenVPN). OpenVPN is in a routing configuration. Samba is running as PDC and WINS is enabled.

The WinXP Pro laptop's firewall is on with ports 1024-2096 open, and it reports no blocked packets.

I have no problems establishing a tunnel from the laptop either 1) when connected directly to the Internet (on a spare fixed IP address), or 2) from behind a NATed corporate firewall at work.

Once connected, however, I encounter several problems.

1) I can only connect to the server and the other systems on its local LAN using their IP addresses; network names don't work. This is true for SSH, NetHood shares, and Remote Desktop Connections. For the server I can use either its OpenVPN address 10.8.0.1 or its local IP of 192.168.2.254.

The corporate LAN on which the laptop sits uses subnets 192.168.1.0/24 and 10.0.0.0/20, separate from anything on the vpn or the local LAN.

From a WinXP system on the LAN I can use network names internally, but the laptop doesn't appear in the NetHood. From a Gutsy client setup on the LAN I see the server and the WinXP machines, but not the laptop.

It doesn't make any difference if I explicitly enable NetBIOS over TCP/IP in the Tap adapter or not.

So, routing is up but SMB or NetBIOS isn't hitting the vpn.

Here's the relevant part of smb.conf:

Code:
   passdb backend = tdbsam
   security = user
   username map = /etc/samba/smbusers
   name resolve order = bcast wins host lmhosts
   domain logons = yes
   preferred master = yes
   wins support = yes

   #Control net access
   hosts allow = 192.168.2. 192.168.3. 10.8.0. localhost
   interfaces = eth0 eth2 vpn lo
   bind interfaces only = yes

2) I get one DHCP lease renewal error in the WinXP application event log with a timestamp that matches the time that the tunnel was established:

Code:
   The IP address lease 10.8.0.6 for the Network Card with network address 00FF2B6ED103 has been denied by the DHCP server 10.8.0.5 (The DHCP Server sent a DHCPNACK message).

ipconfig on the laptop reveals that it was given 10.8.0.5 as the DHCP server address for the Tap-Win32 adapter (it also has 10.8.0.1 for DNS and WINS servers, as pushed from OpenVPN's server).

This isn't really a problem but may be a symptom of another related issue.


Any comments, hints, suggestions on how to get network browsing to work on OpenVPN are greatly appreciated.

-- Dr John
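Added example (not part of the post above, and not Samba's or OpenVPN's own code): a small checker that parses the [global] fragment quoted in the post and reports the settings that decide whether smbd/nmbd will serve clients arriving over a routed VPN subnet. The interface table is constructed for this example; the names eth0, eth2 and lo and the subnets 192.168.2.0/24, 192.168.3.0/24 and 10.8.0.0/24 come from the post, while the assumption that the OpenVPN routed interface on the server is called tun0 is mine. Samba's `interfaces` parameter accepts interface names or address/netmask forms, and with `bind interfaces only = yes` only the listed ones are served; `hosts allow` accepts the trailing-dot prefix form used in the post.

```python
import ipaddress

# The [global] fragment quoted in the post, embedded here as the input.
SMB_CONF = """\
   passdb backend = tdbsam
   security = user
   username map = /etc/samba/smbusers
   name resolve order = bcast wins host lmhosts
   domain logons = yes
   preferred master = yes
   wins support = yes

   #Control net access
   hosts allow = 192.168.2. 192.168.3. 10.8.0. localhost
   interfaces = eth0 eth2 vpn lo
   bind interfaces only = yes
"""

# Constructed interface table: name -> subnet on that interface.
# tun0 as the server-side OpenVPN interface is an assumption.
INTERFACES = {
    "eth0": "192.168.2.0/24",
    "eth2": "192.168.3.0/24",
    "tun0": "10.8.0.0/24",
    "lo": "127.0.0.0/8",
}
VPN_SUBNET = "10.8.0.0/24"


def parse_smb_conf(text):
    """Parse 'key = value' lines into a dict; comments, blanks and section headers are skipped."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            params[key.strip().lower()] = value.strip()
    return params


def hosts_allow_covers(entries, addr):
    """True if any 'hosts allow' entry covers addr.
    Handles the trailing-dot prefix form ('10.8.0.'), a plain address, CIDR and addr/netmask."""
    ip = ipaddress.ip_address(addr)
    for entry in entries:
        if entry == "localhost":
            continue
        if entry.endswith("."):                 # prefix form, e.g. '10.8.0.'
            if str(ip).startswith(entry):
                return True
            continue
        try:
            if ip in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            pass                                # hostname or other form; not handled here
    return False


def _addr_spec_covers(entry, net):
    """For an address-style 'interfaces' entry, return whether it covers net; None if entry is a name."""
    try:
        spec = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return None                             # an interface name such as eth0
    return spec.version == net.version and net.subnet_of(spec)


def check_vpn_config(conf_text, real_interfaces, vpn_subnet, client_addr):
    """Return findings that explain why VPN clients might get no SMB/WINS service."""
    p = parse_smb_conf(conf_text)
    net = ipaddress.ip_network(vpn_subnet)
    findings = []

    if p.get("bind interfaces only", "no").lower() == "yes":
        covered = False
        for entry in p.get("interfaces", "").split():
            spec = _addr_spec_covers(entry, net)
            if spec is None:                    # interface name: must exist and carry the VPN subnet
                if entry not in real_interfaces:
                    findings.append(f"interfaces: '{entry}' matches no interface on this host")
                elif net.subnet_of(ipaddress.ip_network(real_interfaces[entry])):
                    covered = True
            elif spec:
                covered = True
        if not covered:
            findings.append(f"bind interfaces only = yes but no listed interface carries {net}; "
                            "smbd/nmbd will not answer VPN clients")

    if not hosts_allow_covers(p.get("hosts allow", "").split(), client_addr):
        findings.append(f"hosts allow does not cover VPN client {client_addr}")

    if p.get("wins support", "no").lower() != "yes":
        findings.append("wins support is off; routed VPN clients cannot rely on broadcast name resolution")

    if "wins" not in p.get("name resolve order", "").split():
        findings.append("name resolve order does not include wins")

    return findings


if __name__ == "__main__":
    for finding in check_vpn_config(SMB_CONF, INTERFACES, VPN_SUBNET, "10.8.0.6"):
        print("-", finding)
```

Run against the fragment as quoted, the checker reports that the `interfaces` entry `vpn` matches none of the constructed interface names and that no listed interface carries 10.8.0.0/24; swap the real name of the server's OpenVPN interface into `interfaces` (or use the address/netmask form) and the findings list is empty. The `hosts allow` and WINS settings in the fragment already cover the VPN clients.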

